tracking down source/cause of garbage packets

From: jonathan (ttyp32000_at_yahoo.com)
Date: 10/09/03


Date: 9 Oct 2003 12:40:11 -0700

hey all,

Our network has been having difficulties, and using Iris (a Windows
tool) we are seeing tons of packets that:

a) don't have a valid MAC address
b) don't have valid IP addresses on either the sending or receiving
end.
c) that have frames of either '---' (not valid) or 802.3
d) that have either the 'spanning tree' or 'SNAP' or '---' protocol

i.e., they are basically dummies that are clogging our network. Any clue
on what might be causing this? Can a program (virus, etc.) spoof MAC
addresses as well as IP? How would people go about tracking them down?

Thanks much,

jon


